32 matches found
CVE-2019-20374
A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML...
EUVD-2019-16358
Malware in sbrugna...
EUVD-2020-10148
Malware in sbrugna...
EUVD-2020-13837
Malware in sbrugna...
EUVD-2023-33820
Malicious code in bioql PyPI...
EUVD-2022-43336
Malicious code in bioql PyPI...
EUVD-2023-23295
Malicious code in bioql PyPI...
EUVD-2023-34415
Malicious code in bioql PyPI...
CVE-2024-41482
Typora before 1.9.3 Markdown editor has a cross-site scripting (XSS) vulnerability via the MathJax component...
CVE-2024-31783
Cross-site scripting (XSS) vulnerability in Typora v.1.6.7 and before allows a local attacker to obtain sensitive information via a crafted script during markdown file creation...
CVE-2024-31784
An issue in Typora v.1.8.10 and before allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component...
CVE-2023-2316
Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious...
CVE-2023-2317
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in tag. This vulnerability can be exploited if a user opens a...
CVE-2022-43668
Typora versions prior to 1.4.4 fail to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product...
CVE-2020-18221
Cross-site scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula...
CVE-2019-7296
Typora through 0.9.64 has XSS, with resultant remote command execution, during inline rendering of a mathematical formula...
PT-2024-24204 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora versions 1.6.7 and earlier Description: A cross-site scripting (XSS) issue allows a local attacker to obtain sensitive information via a crafted script during markdown file creation. This occurs when a local attacker crafts a script that...
Design/Logic Flaw
Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text fro...
PT-2023-22366 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.7.0-dev Description: The issue is related to improper path handling, which allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This can be exploited...
PT-2023-18871 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora versions prior to 1.6.7 Description: The issue allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora's main window via loading typora://app/typemark/updater/update.html in an tag. This can be exploite...